Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
URL | win7-sp1-x64-hpdapp03-1 | 2018-03-21 20:50:27 | 2018-03-21 20:52:48 | 141 seconds |

URL |
---|
URL sandbox analysis -> http://1.gaojiagroup.cn/?cRZLTRxuudpadkwO |

Direct | IP | Security rating | Geolocation |
---|---|---|---|
No | 103.71.236.13 | Unknown | Unknown |
No | 122.224.45.50 | Unknown | China |

Domain | Security rating | Response |
---|---|---|
1.gaojiagroup.cn | Unknown | A 103.71.236.13 |
www.microsoft.com | | CNAME e13678.ca.s.tl88.net A 122.224.45.50 CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net CNAME www.microsoft.com-c-3.edgekey.net |

WHOIS field | Value |
---|---|
Name | None |
Country | None |
State | None |
City | None |
ZIP Code | None |
Address | None |
Organization | None |
Domain Name(s) | gaojiagroup.cn |
Creation Date | None |
Updated Date | None |
Expiration Date | None |
Email(s) | 5823222@qq.com |
Registrar(s) | 易介集团北京有限公司 |
Name Server(s) | v1.dnsdun.com v1.dnsdun.net |
Referral URL(s) | None |
Antivirus engine / vendor | Website security analysis |
---|---|
CLEAN MX | Clean Site |
DNS8 | Clean Site |
VX Vault | Clean Site |
ZDB Zeus | Clean Site |
SCUMWARE_org | Clean Site |
ZCloudsec | Clean Site |
desenmascara_me | Clean Site |
CyRadar | Clean Site |
PhishLabs | Unrated Site |
Zerofox | Clean Site |
K7AntiVirus | Clean Site |
Virusdie External Site Scan | Clean Site |
Spamhaus | Clean Site |
Quttera | Clean Site |
AegisLab WebGuard | Clean Site |
MalwareDomainList | Clean Site |
ZeusTracker | Clean Site |
zvelo | Clean Site |
Google Safebrowsing | Clean Site |
Kaspersky | Unrated Site |
BitDefender | Clean Site |
Certly | Clean Site |
G-Data | Clean Site |
OpenPhish | Clean Site |
Malware Domain Blocklist | Clean Site |
MalwarePatrol | Clean Site |
Webutation | Clean Site |
Trustwave | Clean Site |
Web Security Guard | Clean Site |
Dr_Web | Clean Site |
ADMINUSLabs | Clean Site |
Malwarebytes hpHosts | Clean Site |
Opera | Clean Site |
AlienVault | Clean Site |
Emsisoft | Clean Site |
Rising | Clean Site |
Malc0de Database | Clean Site |
Phishtank | Clean Site |
Malwared | Clean Site |
Avira | Clean Site |
NotMining | Unrated Site |
CyberCrime | Clean Site |
Antiy-AVL | Clean Site |
Forcepoint ThreatSeeker | Clean Site |
FraudSense | Clean Site |
malwares_com URL checker | Clean Site |
Comodo Site Inspector | Clean Site |
Malekal | Clean Site |
ESET | Clean Site |
Sophos | Unrated Site |
Yandex Safebrowsing | Clean Site |
SecureBrain | Clean Site |
Nucleon | Clean Site |
Sucuri SiteCheck | Clean Site |
Blueliv | Clean Site |
Netcraft | Unrated Site |
AutoShun | Unrated Site |
ThreatHive | Clean Site |
FraudScore | Clean Site |
Tencent | Clean Site |
URLQuery | Clean Site |
StopBadware | Unrated Site |
Fortinet | Clean Site |
ZeroCERT | Clean Site |
Spam404 | Clean Site |
securolytics | Clean Site |
Baidu-International | Clean Site |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49160 | 103.71.236.13 1.gaojiagroup.cn | 80 |
192.168.122.201 | 49170 | 122.224.45.50 www.microsoft.com | 80 |
192.168.122.201 | 49161 | 192.168.1.1 | 80 |
192.168.122.201 | 49162 | 192.168.1.1 | 80 |
192.168.122.201 | 49163 | 192.168.1.1 | 80 |
192.168.122.201 | 49164 | 192.168.1.1 | 80 |
192.168.122.201 | 49165 | 192.168.1.1 | 80 |
192.168.122.201 | 49166 | 192.168.1.1 | 80 |
192.168.122.201 | 49168 | 192.168.1.1 | 80 |
192.168.122.201 | 49169 | 192.168.1.1 | 80 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 54844 | 192.168.122.1 | 53 |
192.168.122.201 | 59793 | 192.168.122.1 | 53 |
192.168.122.201 | 60316 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
URL sandbox analysis -> http://1.gaojiagroup.cn/?cRZLTRxuudpadkwO | GET /?cRZLTRxuudpadkwO HTTP/1.1 Accept: */* Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=11&ved=0CCEQfjcU51c3dzam5xUmZ5WHFNdWdJ&url=http%3A%2F%2F1.gaojiagroup.cn%2F%3FcRZLTRxuudpadkwO&ei=ZU1sbmlxWmFEcnpn&usg=AFQjQWF2ak1idFZNWExs Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: 1.gaojiagroup.cn Connection: Keep-Alive |
URL sandbox analysis -> http://192.168.1.1/ | GET / HTTP/1.1 Accept: */* Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=11&ved=0CCEQfjcU51c3dzam5xUmZ5WHFNdWdJ&url=http%3A%2F%2F1.gaojiagroup.cn%2F%3FcRZLTRxuudpadkwO&ei=ZU1sbmlxWmFEcnpn&usg=AFQjQWF2ak1idFZNWExs Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Connection: Keep-Alive Host: 192.168.1.1 |
URL sandbox analysis -> http://192.168.1.1/dynaform/class.css | GET /dynaform/class.css HTTP/1.1 Accept: */* Referer: http://192.168.1.1/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: 192.168.1.1 Connection: Keep-Alive |
URL sandbox analysis -> http://192.168.1.1/dynaform/class.js | GET /dynaform/class.js HTTP/1.1 Accept: */* Referer: http://192.168.1.1/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: 192.168.1.1 Connection: Keep-Alive |
URL sandbox analysis -> http://192.168.1.1/lib/jquery-1.10.1.min.js | GET /lib/jquery-1.10.1.min.js HTTP/1.1 Accept: */* Referer: http://192.168.1.1/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: 192.168.1.1 Connection: Keep-Alive |
URL sandbox analysis -> http://192.168.1.1/lib/DM.js | GET /lib/DM.js HTTP/1.1 Accept: */* Referer: http://192.168.1.1/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: 192.168.1.1 Connection: Keep-Alive |
URL sandbox analysis -> http://192.168.1.1/language/cn/str.js | GET /language/cn/str.js HTTP/1.1 Accept: */* Referer: http://192.168.1.1/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: 192.168.1.1 Connection: Keep-Alive |
URL sandbox analysis -> http://192.168.1.1/lib/ajax.js | GET /lib/ajax.js HTTP/1.1 Accept: */* Referer: http://192.168.1.1/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: 192.168.1.1 Connection: Keep-Alive |
URL sandbox analysis -> http://192.168.1.1/images/icon_me.ico | GET /images/icon_me.ico HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: 192.168.1.1 Connection: Keep-Alive |
URL sandbox analysis -> http://www.microsoft.com/ | GET / HTTP/1.1 Host: www.microsoft.com Connection: Close |
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
---|---|---|---|---|---|---|---|---|
2018-03-21 20:51:11.277409+0800 | 122.224.45.50 | 80 | 192.168.122.201 | 49170 | TCP | 2012692 | ET POLICY Microsoft user-agent automated process response to automated request | A Network Trojan was detected |
No TLS
No Suricata HTTP
File name | index.dat |
---|---|
Related file | C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat |
File size | 32768 bytes |
File type | Internet Explorer cache file version Ver 5.2 |
MD5 | 0aee387ca0a52dcdd8f8a29ea76edb42 |
SHA1 | 5df81547dcadb2a7b8bc689da8e1383ba1a84cb9 |
SHA256 | c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e |
CRC32 | B451CA0B |
Ssdeep | 12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ |
Maldun analysis result | 2.0 (analysis time: 2016-11-06 20:10:20) |
File name | index.dat |
---|---|
Related file | C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018032220180323\index.dat |
File size | 32768 bytes |
File type | Internet Explorer cache file version Ver 5.2 |
MD5 | 76b5e19d4ad552f0f8da4e48b3527a07 |
SHA1 | 1392f8c89d61aac7a2ec03ed8076cafea665c84d |
SHA256 | 41168cfcfe01e97eddb364bdf2c75749d642e813969bf86775fa05ba96aa39a6 |
CRC32 | D8F14C45 |
Ssdeep | 6:qjyxXKh/mQeSb3bEpwYNFBCXeXwncBF3bEpMJFBCXeVXLcncB:qjRoO347BCXegnaF34UBCXeena |
File name | index.dat |
---|---|
Related file | C:\Users\test\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat |
File size | 262144 bytes |
File type | Internet Explorer cache file version Ver 5.2 |
MD5 | fbe6ba880d1f6cadfd771536120f2c73 |
SHA1 | 34b1a30160c6c7675a5c69b62d98661ab7a494bb |
SHA256 | a2cdabb3fc43f2e94ca47fac764eea7819768bdf094690a6369be41fc4a5fd01 |
CRC32 | E94B92FD |
Ssdeep | 768:pFFwZHojCtOlWNw3nsiMsieuugxdKOri:rFwZIjCtkWm3siMbeuugxdKoi |
File name | {6D78DFE4-2D06-11E8-8D49-52540055321F}.dat |
---|---|
Related file | C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6D78DFE4-2D06-11E8-8D49-52540055321F}.dat |
File size | 5120 bytes |
File type | Composite Document File V2 Document, Cannot read section info |
MD5 | f3d37b7212610fbfe8ab20dfa5e6ee0f |
SHA1 | 4d0390dffe0e876030820120ffa06a981f117563 |
SHA256 | a06875d3219c6ec755314ca367e12fd3f1efec28ac4ae154a46ab043e978f840 |
CRC32 | 42B391FA |
Ssdeep | 24:rIvgl1z1GKUjZuTZQ1rNlxoKNNlxoK2WgVWtWgY9:r/l1z1Gmifo0oFW/tWR |
File name | RecoveryStore.{6D78DFE3-2D06-11E8-8D49-52540055321F}.dat |
---|---|
Related file | C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6D78DFE3-2D06-11E8-8D49-52540055321F}.dat |
File size | 3584 bytes |
File type | Composite Document File V2 Document, Cannot read section info |
MD5 | 7de1178e5db97b0c87c1c2c444cce0b2 |
SHA1 | ae34fbe1b08b4f95c3d94ced5f02d64f4a5280b6 |
SHA256 | 7aa2426f85eaebcf8178401d82959aeba8ec582d4d1054e5c60b43efb978f174 |
CRC32 | CF5F1109 |
Ssdeep | 12:rl0YmGF2lGWrEg5+IaCrI017+FFDrEgmf+IaCy8qgQNlTqohrw4:rIlx5/yGv/TQNlWo |
File name | icon_me[1].jpg |
---|---|
Related file | C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\icon_me[1].jpg |
File size | 1150 bytes |
File type | MS Windows icon resource - 1 icon, 16x16 |
MD5 | 72d32a8da118b965f9de84cede9b9fed |
SHA1 | 7476901160bc7f54c9d3042baca4f65803339b3d |
SHA256 | 8c25ce11169187d264e2211d2599b367a7b3ceb4b77861f1efb93c7fcba46551 |
CRC32 | 67AC2887 |
Ssdeep | 12:bv98Ya/1HHcu8XwIkK4apaRFAk8WxtkiZa+/svbZXwB3:RQtZmzoy4/iXwB |
File name | index.dat |
---|---|
Related file | C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat |
File size | 65536 bytes |
File type | Internet Explorer cache file version Ver 5.2 |
MD5 | 191d3d20f356bf520a7d1ed07b1bc08b |
SHA1 | bdba37ad96d8801e8d2c9e30e68afaf3822b0e4a |
SHA256 | d2eae7eeb07f08972ec78e59eaf73b6cfa48e92121748f61a394a28e33e36788 |
CRC32 | BFF870C9 |
Ssdeep | 384:wEEG/+oBMgfh3+EIOTcxi8kB+JuE1uPFykblh2F/0mjv3Bw2LI/u1sVdvM2zLOY4:wEEG/+xo |
Task ID | 140241 |
---|---|
Mongo ID | 5ab255d5a093ef1cee6dc9ae |
Cuckoo release | 1.4-Maldun |